Meraki

Community

Whitelisting an IP for access to the network

Padraig
Conversationalist
‎Jan 8 2021 6:20 AM
‎Jan 8 2021 6:20 AM

Whitelisting an IP for access to the network

I have a public IP address I want to whitelist for remote access to the network. I can only see whitelisting for URLs. Is IP whitelisting possible on Meraki?

0 Kudos
7 Replies 7
ww
Kind of a big deal
Kind of a big deal
‎Jan 8 2021 7:18 AM
‎Jan 8 2021 7:18 AM

https://documentation.meraki.com/MX/NAT_and_Port_Forwarding/Port_Forwarding_and_NAT_Rules_on_the_MX

 

I think looking for "Allowed remote  ip"?

0 Kudos
KarstenI
Kind of a big deal
Kind of a big deal
‎Jan 8 2021 8:19 AM
‎Jan 8 2021 8:19 AM

Are you talking about Rremote Access VPN to the MX? I am not aware of any config to restrict the VPN-clients IP.

 

Not sure if it is worth the effort, but if you authenticate the VPN-user with RADIUS, you could filter on the RADIUS-Attribute "Calling-Station-ID" which is the IP of the remote client.

 

EDIT: I just remembered (and quickly confirmed that this is also the case with MX version 15.37) that the MX does not send this RADIUS attribute. So this "workaround" will not work as it would for example with a Cisco ASA/FTD!

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
PhilipDAth
Kind of a big deal
Kind of a big deal
‎Jan 8 2021 12:46 PM
‎Jan 8 2021 12:46 PM

I don't understand the intent of your question.  Can you explain what you are trying to achieve?

In response to PhilipDAth
Padraig
Conversationalist
‎Jan 19 2021 12:39 PM
‎Jan 19 2021 12:39 PM

I have a PC and other devices at a particular Jobsite and I want to remote into this jobsite to access these devices from my office location. I only want access to be allowed from my PC in my office, no other PCs.

0 Kudos
In response to Padraig
cmr
Kind of a big deal
Kind of a big deal
‎Jan 19 2021 1:01 PM
‎Jan 19 2021 1:01 PM

If you have an AP you can add it to the sites network, or use the client VPN.  Are neither of these possible for you?

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
In response to cmr
Padraig
Conversationalist
‎Jan 19 2021 1:03 PM
‎Jan 19 2021 1:03 PM

Ok. What has the AP got to do with this? I am not in the same LAN.

0 Kudos
In response to Padraig
cmr
Kind of a big deal
Kind of a big deal
‎Jan 19 2021 1:08 PM
‎Jan 19 2021 1:08 PM

You can have an AP where you are using the MX at the site as a concentrator, so you end up on the LAN

If my answer solves your problem please click Accept as Solution so others can benefit from it.
0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.